Windows Hello: Unauthorized access over network

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.7

Windows Hello: Unauthorized access over network

CVE-2026-27928

Summary

A flaw in Windows Hello's security feature can allow an attacker to access a user's account over a network without permission. This can happen if a hacker sends malicious input to a Windows Hello system. To protect against this, ensure that Windows Hello is configured and used correctly, and keep your system and software up to date with the latest security patches.

Original title

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

Original description

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

nvd CVSS3.1 8.7

Vulnerability type

CWE-20 Improper Input Validation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026